Firefox Quantum Update Fixes Security Vulnerability

Mozilla has rolled out an update to the Firefox Quantum browser to fix a security flaw.

The vulnerability was first discovered by Cisco, which came out with a report about it on Tuesday.

The Hacker News later saw the Cisco report and came out with an article about it.

According to the Cisco report, the Firefox Quantum vulnerability “could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.”

The flaw is a result of “insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software.”

Use of Misleading Language

For the attacker to exploit the security flaw, Cisco also said the hacker might use “misleading language or instructions to persuade a targeted user to open a crafted file.”

Cisco said the flaw does not affect Firefox for Android and Firefox 52 ESR.

As safeguards, Cisco recommended that Firefox Quantum users do not open email messages from suspicious or unrecognized sources as well as attached links

Update Released

Cisco said Mozilla confirmed the security flaw and rolled out Firefox 58.0.1 to patch the vulnerability. It is the first update to Firefox Quantum Browser, Mashable reported.

Mashable said that unlike Chrome, there are not many users of Firefox Quantum, but the security flaw has made those using the Mozilla browser worried.

The site said that less than a month after its launch, Quantum’s first version has had more than 170 million downloads and Mozilla has claimed that “millions of users” continue to download Quantum on a daily basis.

A Mozilla spokesperson told Mashable that they have not come across any incident of a Quantum user’s data being compromised because of the security flaw.

What’s Next?

Firefox Quantum users have been advised to update the browser to fix a security flaw.